US journalist suffers hack attack via Apple iCloud
A US tech journalist was cut off from his entire digital life by attackers who tricked Apple support into re-setting his iCloud account.
The attack wiped Mat Honan's iPad, iPhone and Macbook and let hackers into his Gmail and Twitter accounts.
Mr Honan is recovering his data and regaining control of the accounts with the help of Apple and Google.
Commentators said the attack showed up the risk of using cloud-based messaging services.Locked out
Writing on his blog, Mr Honan said he became aware of the attack when his iPhone went dead and then returned to the set-up screen. Initially he assumed it was just a software error and went to connect it to this Macbook Air to restore the data.
His suspicions became aroused when the laptop started and asked him for a PIN even though he had never created one on that device. He turned to his iPad and found that too had been reset.
Mr Honan then called Apple support using his wife's iPhone and used her laptop to sign into Gmail. The password for this had been changed and the backup sent to his iCloud account - to which he no longer had access.
End Quote Derrick Harris GigaOm
We just have to keep on trusting our providers to keep us safe”
It was this attack, said Mr Honan, that produced the rude messages that briefly appeared on the Twitter account of Gizmodo - Mr Honan's employer. The attackers got access to this account because it was linked to his personal Twitter feed.
Mr Honan has been able to find out exactly what happened because one of his attackers, a member of a hacking group called Clan Vv3, got in touch and told him how they did it.
The hackers called Apple technical support and used "social engineering" techniques to convince staff that they were Mr Honan and that the account needed to be re-set.
Via Gizmodo, Mr Honan has been in touch with contacts at Apple, Google and Twitter who have helped restore access to his accounts. He said Apple was investigating the incident to see how to prevent future attacks.
Derrick Harris at tech news site GigaOm said the attack highlighted some "hard truths" about cloud-based services.
Mr Harris said consumers gave up control over their digital lives when they signed for iCloud or similar services. The iCloud service co-ordinates everything a customer does on one Apple device to make it available on all their Apple devices.
"If we want to be part of it, we just have to keep on trusting our providers to keep us safe," he said.